ambari git commit: AMBARI-20768. Local Ambari user with no cluster role must not be able to access Logsearch UI (Keta Patel via oleewere)

Thu, 20 Apr 2017 04:39:33 -0700 

Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 6e462d46c -> 682bd2319


AMBARI-20768. Local Ambari user with no cluster role must not be able to access 
Logsearch UI (Keta Patel via oleewere)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/682bd231
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/682bd231
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/682bd231

Branch: refs/heads/branch-2.5
Commit: 682bd23194db38ddfeff2743888a9dee91bf514d
Parents: 6e462d4
Author: oleewere <oleew...@gmail.com>
Authored: Thu Apr 20 13:35:25 2017 +0200
Committer: oleewere <oleew...@gmail.com>
Committed: Thu Apr 20 13:36:00 2017 +0200

----------------------------------------------------------------------
 .../security/LogsearchExternalServerAuthenticationProvider.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/682bd231/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git 
a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
 
b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
index e23f0a2..1dab126 100644
--- 
a/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
+++ 
b/ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java
@@ -122,8 +122,9 @@ public class LogsearchExternalServerAuthenticationProvider 
extends LogsearchAbst
 
     List<String> values = new ArrayList<>();
     JSONUtil.getValuesOfKey(responseJson, 
PrivilegeInfo.PERMISSION_NAME.toString(), values);
-    if (values.isEmpty())
-      return true;
+    if (values.isEmpty()) {
+      return false;
+    }
     
     if (allowedRoleList.length > 0 && responseJson != null) {
       for (String allowedRole : allowedRoleList) {

Reply via email to